LikeMind · M
It's good to know that there are some techs out there keeping an eye on security issues, albeit they are site users and not admins.
TheFakeSlimShady · 31-35, M
I've asked to get involved with the site on a voluntary basis many times... - I haven't had a response from them.
LikeMind · M
@TheFakeSlimShady: Is it easy for someone with your skill set to access the firewall?
TheFakeSlimShady · 31-35, M
@LikeMind: It's not that simple. :)
Nuno · Admin
Hello,
Thank you for this post. It's good to know there is at least one user investigating potential holes in our security :)
"1. You shouldn't be advertising all these services on your main domain, let alone on the standard/well known ports. Get them to listen on a sub-domain on non-conventional ports."
We don't advertise them. They can be discovered by anyone.
Changing the ports or using a different domain/subdomain is just "false security".
The key point here is to prevent anyone using them.
"2. Although, I will give you credit for this. Public/Private key 2-factor auth is good."
Correct - we don't allow password authentication on our servers.
"3. You're using FTP, which is completely unencrypted, switch to FTP over SSL."
We don't have plain FTP activated. You wouldn't be able to use unencrypted FTP.
If you tried to login, you'd get:
"421 Sorry, cleartext sessions and weak ciphers are not accepted on this server."
Plus, you need Public/Private key to use FTP. Passwords are not allowed.
We have uninstalled FTP and our server isn't listening to FTP anymore.
"4. Why is your server listening on 143 when your IMAP service doesn't allow authentication over plaintext?"
Good question. I guess the service just enables it by default.
It is intentionally not accepting requests, anyway, so that's what matters :)
We have closed the IMAP port now.
"I could go on and on and on..."
Please feel free to let us know of more issues you see!
Thank you,
Nuno
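A check an admin could run after closing a port such as 143, as an added example that is not part of the original thread: it flags non-loopback listeners on the cleartext ports discussed above (21 and 143). The sample input is constructed, modelled on `ss -tlnH` output, and the function names are hypothetical.

```python
import ipaddress

# Cleartext ports raised in the thread (21 FTP, 143 IMAP); this policy set is an assumption.
CLEARTEXT_PORTS = {21: "FTP", 143: "IMAP"}

# Constructed sample, modelled on `ss -tlnH` columns:
# state, recv-q, send-q, local address:port, peer address:port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 100 127.0.0.1:21 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 100 *:993 *:*
"""

def split_local(local):
    """Split 'host:port', handling bracketed IPv6 and '%iface' scope suffixes."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, int(port)

def is_loopback(host):
    """True only for addresses reachable from the machine itself."""
    if host == "*":  # wildcard bind, reachable from outside
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_cleartext_listeners(ss_output):
    """Return (host, port, service) for each cleartext port bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port in CLEARTEXT_PORTS and not is_loopback(host):
            findings.append((host, port, CLEARTEXT_PORTS[port]))
    return findings

if __name__ == "__main__":
    for host, port, name in exposed_cleartext_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name} listener still exposed on {host}:{port}")
```

An empty result means no listener on those ports is bound to an externally reachable address, regardless of whether the service would reject the session.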
MrSpecialEnough · 26-30, M
Are you IchBin?
TheFakeSlimShady · 31-35, M
I have no idea what you're talking about.
MrSpecialEnough · 26-30, M
@TheFakeSlimShady: Come on, dawg.
LoveChild · 26-30, F
He doesn't seem icky enough.

SW-User
* builds wall around you *
Ikr.. 😳
shakenama · M
You need to bring this up to https://similarworlds.com/Andrew
Looks as though he's an admin
TheFakeSlimShady · 31-35, M
I have tried to communicate with Nuno and Andrew numerous times, I've even offered to assist the site on a voluntary basis. They simply just don't reply to me. It's only a matter of time until a script kiddie owns this site.
They don't even moderate the questions/stories that get posted here. The amount of shit that gets put on here is slowly wrecking the site anyway.
shakenama · M
@TheFakeSlimShady: yup... I've only been on for a week and noticed the lack of moderators. All the adult stuff being posted is making this trashy.
Socialclutz · 36-40, M
It means when the Russians hack this site we're gonna lose our SW coins. So be on the lookout for a loss of SW coins while some hack is sending all the gifts mysteriously 🤣
HaHLoBravado · 36-40, M
I think nerds are sooo groovy 😍